Talent.com
Chief Information Security Office-Strategy, Programs & GRC Associate


Bank of China Limited, New York Branch • New York, NY, United States
30+ days ago
Job type
  • Full-time
Job description

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill BOCNY information security program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance, Data Privacy functions as detailed below.

Responsibilities

Includes but is not limited to:

Strategy

  • Coordinate Information Security strategy in alignment with the BOCNY branch strategy
  • Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
  • Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue; adjust strategy as necessary
  • Provide end-to-end project management function for all CISO-led projects

Programs

  • Manage all CISO programs, including but not limited to:
    • Information Security Program
    • Training & Culture Program
      • Security Training
      • Phishing Campaigns
      • Tabletop Exercises
    • Data Privacy Program

Governance

  • Establish and maintain Information Security policies and procedures
  • Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
  • Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
  • Develop, monitor, and track CISO policy adherence measures and metrics
  • Provide all administrative functions for the Information Security Committee and all its sub-committees

Risk

  • Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
  • Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
  • Develop and execute a TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
  • Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains
  • Catalog and oversee remediation of TISR issues, including those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
  • Track observed control gaps and root causes and annually refresh CISO policy and procedures to reflect new and enhanced controls

Compliance

  • Prepare and submit Audit Requests for evidence
  • Anticipate audit requests and prepare a comprehensive approach for CISO policy and standards and associated implementation
  • Prepare response evidence for IT / IS related regulatory exams
  • Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
  • Evaluate and provide evidence of compliance for BOCNY Branch
  • Liaise with LCD / RAO / IAD to ensure collaboration and partnership so that CISO can meet regulatory IT / IS requirements

Data Privacy

  • Develop and implement strategies to ensure compliance with relevant privacy laws and regulations
  • Stay up-to-date with changes in data privacy legislation and industry best practices
  • Assist in the development and maintenance of privacy policies, standards and procedures
  • Provide oversight and monitoring of privacy risk assessments by the FLUs
  • Ensure all relevant processes reflect privacy requirements and comply with laws and regulations
  • Plan and implement privacy training programs and communications
  • Identify and assess privacy risks within the organization

Metrics & Reporting

  • Manage all metrics and reporting for CISO
    • Operational
    • Executive & Board
    • Budget & Headcount
    • Dashboards

Qualifications

  • Bachelor's degree in Business, Risk, Data, Computer Science, Management Information Systems, Engineering, Mathematics, or related field
  • Minimum 3 years of work experience in Financial Services Risk Management, Audit, IT / IS Operations, Data Privacy or other relevant functions
  • Minimum 2 years of experience in developing and executing IT / IS Risk programs, projects, and policies
  • Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT / IS Risk Frameworks
  • Good understanding of regulatory requirements including FFIEC, GLBA, NIST
  • Knowledge of information security and cyber security best practices
  • Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
  • Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter, etc.
  • CISSP, CRISC or IT-related certifications preferred

Pay Range

Actual salary is commensurate with the candidate's relevant years of experience, skillset, education and other qualifications.

USD $42,000.00 - USD $90,000.00 / Yr.
